BL4 SMTP Server Buffer Overflow Vulnerability

Bugtraq ID:	17714
Class:	Boundary Condition Error
CVE:
Remote:	Yes
Local:	No
Published:	Apr 27 2006 12:00AM
Updated:	Apr 27 2006 06:11PM
Credit:	Dedi Dwianto discovered this issue.
Vulnerable:	BL4 SMTP Server 0.1.4
Not Vulnerable:

BL4 SMTP Server Buffer Overflow Vulnerability

BL4 SMTP Server is reported susceptible to a remote buffer-overflow vulnerability in its SMTP service. This issue is due to the application's failure to properly bounds-check user-supplied input before copying it to a finite-sized memory buffer.

This vulnerability allows remote attackers to crash the server, and execute arbitrary machine code in the context of the affected server process.

Version prior to 0.1.5 are reported to be affected by this issue. Other versions may also be affected.

BL4 SMTP Server Buffer Overflow Vulnerability

The following example of a denial-of-service exploit has been provided:

• /data/vulnerabilities/exploits/bl4smtpserver-lt0.1.5-dos.txt

BL4 SMTP Server Buffer Overflow Vulnerability

Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.

BL4 SMTP Server Buffer Overflow Vulnerability

References:

• [ECHO_ADV_30$2006] BL4's SMTP server BufferOverflow Vulnerable (Dedi Dwianto)
  
• BL4's SMTP server BufferOverflow Vulnerable ([email protected])